Tested using KeePass 1.26:
While using AutoIT/AutoHotKey's WindowSpy utility I discovered that all text in the notes field for an entry is freely visible. It is visible even when "Show Entry View" is disabled.
I expected this information to be protected in similar fashion to the passwords for each entry in the kdb.
Users may be putting in sensitive information such as serial numbers, answers to password hints, certificate information, etc in this field for their reference -- under the assumption it is reasonably protected. I think this is a valid and common use case.
Temporary fix suggestion -- Suggest a website documentation update with stronger wording to indicate this field is NOT protected from spying as the password fields are.
I would love to see this data be protected from viewing as the password fields are.
Log in to post a comment.